CVE-2025-61917
Severity: HIGH

n8n's task runner leaks process memory to untrusted Code nodes — any authenticated user with workflow edit access can read API keys, tokens, and secrets left behind by other concurrent or recent workflow executions. If you run n8n for AI agent orchestration, treat this as a credential theft risk regardless of the 7.7 score: the Changed scope (S:C) means one low-privilege account can drain secrets from the entire platform. Patch to 1.114.3 immediately and rotate all credentials processed through n8n since version 1.65.0.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| n8n | npm | >= 1.65.0, < 1.114.3 | 1.114.3 |

Running n8n 1.65.0 or later but below 1.114.3? You're affected.
Recommended Action
1. PATCH NOW: upgrade n8n to 1.114.3+ — this is the only full remediation.
2. If patching is delayed: restrict Code node permissions to admin-only users in n8n settings to limit the attack surface.
3. ROTATE CREDENTIALS: treat all API keys, OAuth tokens, DB passwords, and webhook secrets processed by n8n workflows since version 1.65.0 as potentially compromised.
4. Audit access logs for anomalous Code node creation, especially by non-admin users, and for unusual outbound HTTP requests from workflow executions.
5. For hosted/cloud n8n: verify your managed version is updated and contact your vendor if uncertain.
6. Detection signal: alert on new Code nodes created by low-privilege accounts that allocate large Buffers or make unexpected external HTTP calls.
Technical Details
NVD Description
n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure. This issue has been patched in version 1.114.3.
Exploitation Scenario
An attacker with a standard n8n user account (obtained via phishing a team member or exploiting a shared workspace) creates a new workflow containing a Code node with: const buf = Buffer.allocUnsafe(65536); followed by an HTTP request exfiltrating the raw buffer contents to an attacker-controlled endpoint. By scheduling this workflow to run repeatedly during peak usage hours, the attacker captures memory residue from concurrent executions: OpenAI API keys from LLM orchestration nodes, PostgreSQL connection strings from database query steps, Slack tokens from notification workflows, and Stripe keys from payment automation. Each captured credential enables lateral movement into downstream systems — all from a single low-privilege n8n account with no AI/ML knowledge required.
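As an added example (not n8n project code and not part of this advisory), the following Node.js script implements the detection signal from the Recommended Action list as a static scan of an exported workflow, flagging Code nodes that request uninitialized Buffers like the one in the scenario above. The Code node type name `n8n-nodes-base.code`, the `jsCode` parameter and the size threshold are assumptions, and the sample workflow is constructed.

```javascript
// Added example, not n8n project code: static scan of an exported n8n
// workflow for Code nodes that request uninitialized Buffers. The node type
// "n8n-nodes-base.code", the "jsCode" parameter and the size threshold are
// assumptions; the sample workflow below is constructed.
const UNSAFE_ALLOC = /Buffer\.(allocUnsafe|allocUnsafeSlow)\s*\(([^)]*)\)/g;
const LARGE_ALLOC_BYTES = 4096; // assumed threshold for a "large" allocation

// Evaluate only literal sizes such as 65536 or 64 * 1024; anything else
// returns null so the finding is still raised for manual review.
function parseSize(expr) {
  const m = /^\s*(\d+)(?:\s*\*\s*(\d+))?\s*$/.exec(expr);
  return m ? Number(m[1]) * (m[2] ? Number(m[2]) : 1) : null;
}

// Return one finding per unsafe allocation found in any Code node.
function scanWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes || []) {
    if (node.type !== 'n8n-nodes-base.code') continue;
    const src = (node.parameters && node.parameters.jsCode) || '';
    for (const m of src.matchAll(UNSAFE_ALLOC)) {
      const size = parseSize(m[2]);
      findings.push({
        node: node.name,
        api: `Buffer.${m[1]}`,
        size,
        // Unknown (non-literal) sizes are treated as large, not ignored.
        large: size === null || size >= LARGE_ALLOC_BYTES,
      });
    }
  }
  return findings;
}

// Constructed workflow export: a benign Code node, one matching the
// advisory's scenario, one with a runtime-computed size, and a non-Code node.
const SAMPLE_WORKFLOW = {
  name: 'constructed-sample',
  nodes: [
    { name: 'Transform', type: 'n8n-nodes-base.code',
      parameters: { jsCode: 'return items.map(i => ({ json: i.json }));' } },
    { name: 'Suspicious', type: 'n8n-nodes-base.code',
      parameters: { jsCode: 'const buf = Buffer.allocUnsafe(65536); return [{ json: { raw: buf } }];' } },
    { name: 'Dynamic', type: 'n8n-nodes-base.code',
      parameters: { jsCode: 'const b = Buffer.allocUnsafeSlow(n * 2);' } },
    { name: 'Fetch', type: 'n8n-nodes-base.httpRequest', parameters: {} },
  ],
};
console.log(JSON.stringify(scanWorkflow(SAMPLE_WORKFLOW), null, 2));
```

Run it against each workflow export in your instance; any finding from a low-privilege account's Code node is the alert condition the Recommended Action list describes.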
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N